FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
59b68b1e-9c78-11e1-b5e0-000c299b62e1 | php -- multiple vulnerabilities

The PHP Development Team reports:

The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. (CVE-2012-2311)

Note: mod_php and php-fpm are not vulnerable to this attack.

PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329).


Discovery 2012-05-08
Entry 2012-05-12
php5: gt 5.4 lt 5.4.3; < 5.3.13
php53: < 5.3.13
php52: < 5.2.17_9

CVE-2012-1823
CVE-2012-2311
CVE-2012-2329

918f38cd-f71e-11e1-8bd8-0022156e8794 | php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports:

As of PHP 5.1.2, header() can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header() only checks the linefeed (LF, 0x0A) as line-end marker, it doesn't check the carriage-return (CR, 0x0D).

However, some browsers including Google Chrome, IE also recognize CR as the line-end.

The current specification of header() still has the vulnerability against the HTTP header splitting attack.


Discovery 2011-11-06
Entry 2012-09-05
Modified 2012-09-19
php5: ge 5.2 lt 5.2.17_11; ge 5.3 lt 5.3.11; ge 5.4 lt 5.4.1
php52: < 5.2.17_11
php53: < 5.3.11

CVE-2011-1398
https://bugs.php.net/bug.php?id=60227

9b2a5e88-02b8-11e2-92d1-000d601460a4 | php5 -- Denial of Service in php_date_parse_tzfile()

MITRE CVE team reports:

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.


Discovery 2010-12-08
Entry 2012-09-19
php5: ge 5.2 lt 5.2.17_11; ge 5.3 lt 5.3.9
php52: < 5.2.17_11
php53: < 5.3.9

CVE-2012-0789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
https://bugs.php.net/bug.php?id=53502

7fe7df75-6568-11e6-a590-14dae9d210b8 | End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32, python31, python30, python26, python25, python24, python23, python22, python21, python20, python15: ge 0
php54, php53, php52, php5, php4: ge 0
perl5: < 5.18
perl5.16, perl5.14, perl5.12, perl: ge 0
ruby, ruby_static: < 2.1,1
unifi2, unifi3: ge 0
apache21, apache20, apache13: ge 0
tomcat55, tomcat41: ge 0
mysql51-client, mysql51-server, mysql50-client, mysql50-server, mysql41-client, mysql41-server, mysql40-client, mysql40-server: ge 0
postgresql90-client, postgresql90-server, postgresql84-client, postgresql84-server, postgresql83-client, postgresql83-server, postgresql82-client, postgresql82-server, postgresql81-client, postgresql81-server, postgresql80-client, postgresql80-server, postgresql74-client, postgresql74-server, postgresql73-client, postgresql73-server, postgresql72-client, postgresql72-server, postgresql71-client, postgresql71-server, postgresql7-client, postgresql7-server: ge 0

ports/211975

bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89 | php -- potential overflow in _php_stream_scandir

The PHP Development Team reports:

The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in _php_stream_scandir


Discovery 2012-07-19
Entry 2012-07-23
Modified 2013-01-15
php5: gt 5.4 lt 5.4.5; ge 5.3 lt 5.3.15; ge 5.2 lt 5.2.17_10
php53: < 5.3.15
php52: < 5.2.17_10

CVE-2012-2688
http://www.php.net/archive/2012.php#id2012-07-19-1

3761df02-0f9c-11e0-becc-0022156e8794 | php -- NULL byte poisoning

PHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR:

Poison NULL byte vulnerability for perl CGI applications was described in [1]. ShAnKaR noted, that same vulnerability also affects different PHP applications.

PHP developers report that branch 5.3 received a fix:

Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).


Discovery 2010-12-10
Entry 2011-01-13
Modified 2012-11-25
php5: < 5.3.4
php52: < 5.2.17_12

CVE-2006-7243
http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded
http://artofhacking.com/files/phrack/phrack55/P55-07.TXT